43 int open_(
const char * path ) ;
44 void close_(
int fd ) ;
45 ssize_t read_(
int fd ,
char * p , std::size_t n ) ;
46 void sleep_(
int s ) ;
47 void randomFillImp(
char * p , std::size_t n ) ;
48 int randomFill(
void * ,
unsigned char * output , std::size_t len , std::size_t * olen ) ;
51 explicit FileCloser(
int fd ) : m_fd(fd) {}
52 ~FileCloser() {
if(m_fd >= 0) close_(m_fd) ; }
53 FileCloser(
const FileCloser & ) = delete ;
54 FileCloser( FileCloser && ) = delete ;
55 FileCloser & operator=(
const FileCloser & ) = delete ;
56 FileCloser & operator=( FileCloser && ) = delete ;
57 void release() { m_fd = -1 ; }
63GSsl::MbedTls::Error::Error(
const std::string & fname ,
int rc ) :
64 std::runtime_error(
std::string(
"tls error: ").append(fname).append(
": ").append(
std::to_string(rc)) )
68std::string GSsl::MbedTls::generateKey(
const std::string & issuer_name )
70 X<mbedtls_entropy_context> entropy( mbedtls_entropy_init , mbedtls_entropy_free ) ;
71 if( !G::is_windows() )
73 const int threshold = 32 ;
74 call( FN(mbedtls_entropy_add_source) , entropy.ptr() , MbedTlsImp::randomFill ,
nullptr ,
75 threshold , MBEDTLS_ENTROPY_SOURCE_STRONG ) ;
78 X<mbedtls_ctr_drbg_context> drbg( mbedtls_ctr_drbg_init , mbedtls_ctr_drbg_free ) ;
80 std::string seed_name =
"gssl_mbedtls" ;
81 auto seed_name_p =
reinterpret_cast<const unsigned char*
>( seed_name.data() ) ;
82 call( FN(mbedtls_ctr_drbg_seed) , drbg.ptr() , mbedtls_entropy_func , entropy.ptr() , seed_name_p , seed_name.size() ) ;
85 X<mbedtls_pk_context> key( mbedtls_pk_init , mbedtls_pk_free ) ;
87 const mbedtls_pk_type_t type = MBEDTLS_PK_RSA;
88 const unsigned int keysize = 4096U ;
89 const int exponent = 65537 ;
90 call( FN(mbedtls_pk_setup) , key.ptr() , mbedtls_pk_info_from_type(type) ) ;
91 call( FN(mbedtls_rsa_gen_key) , mbedtls_pk_rsa(key.x) , mbedtls_ctr_drbg_random , drbg.ptr() , keysize , exponent ) ;
96 std::vector<unsigned char> pk_buffer( 16000U ) ;
97 call( FN(mbedtls_pk_write_key_pem) , key.ptr() , &pk_buffer[0] , pk_buffer.size() ) ;
98 pk_buffer[pk_buffer.size()-1] = 0 ;
99 s_key =
reinterpret_cast<const char*
>( &pk_buffer[0] ) ;
104 X<mbedtls_mpi> mpi( mbedtls_mpi_init , mbedtls_mpi_free ) ;
106 const char * serial =
"1" ;
107 call( FN(mbedtls_mpi_read_string) , mpi.ptr() , 10 , serial ) ;
110 X<mbedtls_x509write_cert> crt( mbedtls_x509write_crt_init , mbedtls_x509write_crt_free ) ;
112 const char * not_before =
"20200101000000" ;
113 const char * not_after =
"20401231235959" ;
114 const int is_ca = 0 ;
115 const int max_pathlen = -1 ;
116 call( FN(mbedtls_x509write_crt_set_subject_key) , crt.ptr() , key.ptr() ) ;
117 call( FN(mbedtls_x509write_crt_set_issuer_key) , crt.ptr() , key.ptr() ) ;
118 call( FN(mbedtls_x509write_crt_set_subject_name) , crt.ptr() , issuer_name.c_str() ) ;
119 call( FN(mbedtls_x509write_crt_set_issuer_name) , crt.ptr() , issuer_name.c_str() ) ;
120 call( FN(mbedtls_x509write_crt_set_version) , crt.ptr() , MBEDTLS_X509_CRT_VERSION_3 ) ;
121 call( FN(mbedtls_x509write_crt_set_md_alg) , crt.ptr() , MBEDTLS_MD_SHA256 ) ;
122 call( FN(mbedtls_x509write_crt_set_serial) , crt.ptr() , mpi.ptr() ) ;
123 call( FN(mbedtls_x509write_crt_set_validity) , crt.ptr() , not_before , not_after ) ;
124 call( FN(mbedtls_x509write_crt_set_basic_constraints) , crt.ptr() , is_ca , max_pathlen ) ;
125 call( FN(mbedtls_x509write_crt_set_subject_key_identifier) , crt.ptr() ) ;
126 call( FN(mbedtls_x509write_crt_set_authority_key_identifier) , crt.ptr() ) ;
131 std::vector<unsigned char> crt_buffer( 4096 ) ;
132 call( FN(mbedtls_x509write_crt_pem) , crt.ptr() , &crt_buffer[0] , crt_buffer.size() , mbedtls_ctr_drbg_random , drbg.ptr() ) ;
133 crt_buffer[crt_buffer.size()-1] = 0 ;
134 s_crt =
reinterpret_cast<const char*
>( &crt_buffer[0] ) ;
137 return s_key.append( s_crt ) ;
140void GSsl::MbedTlsImp::randomFillImp(
char * p , std::size_t n )
144 int fd = open_(
"/dev/random" ) ;
146 throw std::runtime_error(
"cannot open /dev/random" ) ;
147 FileCloser closer( fd ) ;
151 ssize_t nread_s = read_( fd , p , n ) ;
153 throw std::runtime_error(
"cannot read /dev/random" ) ;
155 std::size_t nread =
static_cast<std::size_t
>( nread_s ) ;
157 throw std::runtime_error(
"cannot read /dev/random" ) ;
167int GSsl::MbedTlsImp::randomFill(
void * ,
unsigned char * output , std::size_t len , std::size_t * olen )
170 randomFillImp(
reinterpret_cast<char*
>(output) , len ) ;
176#pragma warning( suppress : 4996 )
177int GSsl::MbedTlsImp::open_(
const char * path ) {
return _open( path , _O_RDONLY ) ; }
178void GSsl::MbedTlsImp::close_(
int fd ) { _close( fd ) ; }
179ssize_t GSsl::MbedTlsImp::read_(
int fd ,
char * p , std::size_t n ) {
return _read( fd , p ,
static_cast<unsigned>(n) ) ; }
180void GSsl::MbedTlsImp::sleep_(
int s ) { Sleep( s * 1000 ) ; }
182int GSsl::MbedTlsImp::open_(
const char * path ) { return ::open( path , O_RDONLY ) ; }
183void GSsl::MbedTlsImp::close_(
int fd ) { ::close( fd ) ; }
184ssize_t GSsl::MbedTlsImp::read_(
int fd ,
char * p , std::size_t n ) { return ::read( fd , p , n ) ; }
185void GSsl::MbedTlsImp::sleep_(
int s ) { ::sleep( s ) ; }
TLS/SSL transport layer security classes.